were able to counter only a single vulnerability; for example, a battery based IDS can only identify attacks done on the battery of the device.[2] So none of these devices were able to provide protection against multiple attacks.

In this paper, we present a brief discussion of mobile IDS, their distinct types, how they perform detection, and their pros and cons.

II. MOBILE IDS

The main features of a mobile device are that it is able to access different networks, has low memory and lower processing power, and offers a distinct group of services. The existing IDS are not compatible with mobile devices.[3] A network based IDS monitors the traffic of a particular network, but a mobile device roams across different networks. Host based IDS, in turn, are too hard for mobile devices to manage. The first attack ever to happen on a mobile device was "telephony service fraud", which occurred in 1995.[4] This attack refers to theft of a mobile device or cloning of the SIM card. The attacker can then enjoy all the services provided by the original SIM card: he can see the SIM data and information such as files and messages, and can also make calls and use the Internet, while the whole bill has to be paid by the original user. Until the user gets a notification, he is unaware that his card has been cloned. The major concern is that this attack can be used by a criminal or an attacker to contact other parties without being traced.

Over time, the features of mobile devices improved, for example through increased processing power; as a result, e-mail services became feasible and large data files could be stored or exchanged. But the increase in facilities also increased the security threats to these mobile devices, such as DoS attacks, information disclosure and malware attacks.

III. SIGNATURE BASED DETECTION IN MOBILE IDS

Signature based detection in mobile IDS is used to counter malware or DoS attacks. The work in this field began in 2000. It is basically classified into two classes: mobile agent based mobile IDS and battery based mobile IDS.[5]

A. Mobile Agent Based Mobile IDS

This is generally developed for ubiquitous computing surroundings, meaning surroundings in which we can have different types of mobile devices such as smart phones, laptops, personal digital assistants and many more. This IDS operates by making a mobile agent visit each and every mobile device in the network, traversing from one device to another and collecting all mischievous activities from all devices. This IDS is good for devices with low processing power. In addition, determining a threat on a particular node in the network contributes to protecting the whole network from a security attack. This scheme was proposed by Kannadiga in 2005.[6] But it has various limitations. In this scheme, signatures are created by performing malicious exercises on static nodes, so it is more suitable for a particular host than for a device which is dynamic in nature. Since mobile devices move from one node to another, it provides no more protection to the device once the device leaves a particular network. Thus it fails to provide protection against malware attacks.

Battery Based Mobile IDS

Battery is the lifeline of every electronic device, and we need good battery power to keep the system working efficiently. If the system does not have enough power to execute various processes on time, it may lose information and may even stop various services. The attacker makes use of this limitation: by draining the battery of the system, the attacker may cause various services of the device to stop.

Generally, sleep deprivation attacks are performed on the battery of the device, which leads to the exhaustion of the battery power.[7] Such attacks make the battery of the device drain faster than it would under normal consumption. The attacker usually makes every effort to ensure that the battery does not get a chance to enter the power saving mode, and exhausts the battery completely by keeping it busy. The attacker can use three strategies to do that:

1) Malignant power attacks
2) Benign power attacks
3) Service Request attacks

In malignant power attacks, the attacker makes the processor consume more power than its actual consumption. In benign power attacks, the processor is made to execute a genuine or authenticated job, but the job is of very high power consumption. Such tasks are given to the processor repeatedly; as a result, the power of the battery drains out.
In a service request attack, the victim is repeatedly asked to provide services over a network. Even if the device does not provide the services, it still consumes power in deciding whether to provide them or not.

To tackle these attacks on the battery, three proposals were made: Gibraltar, Battery Based Intrusion Detection Model and Power Secure Architecture. All of these have almost the same working principle. Since the power consumption of each device is different, the pattern of attacks performed on each device will also be different.[8], [9] So on each device the patterns of battery consumption are recognized and signatures are constructed accordingly. The signatures of every device would be different. The IDS then constantly keeps an eye on all the activities of the battery of the device and compares them with the signatures in order to detect intrusions. Although this is a good scheme for detecting malware attacks, detection of a malware signature is not an easy task.

IV. BEHAVIOR BASED MOBILE IDS

Mobile devices provide many facilities, but the way people use these facilities is quite different. Every service provided by the mobile device is used in a completely different way by every person, so the pattern of the attack made on any particular mobile device varies from person to person. Behavior based mobile IDSs are mostly used for detecting telephony fraud, cloning of the SIM card, or a device being stolen or lost. Behavior based IDS are all network based, because the performance of a particular device is observed by the service providers of the network.

These are generally categorized into three groups:

1) Migration Itinerary Based Mobile IDS
2) Telephony Based Mobile IDS
3) Migration Mobility Based Mobile IDS

Migration itinerary based mobile IDS is used to detect traditional attacks happening on the system when a system migrates from one network to another. It does not keep a check on the activity of the mobile device within a particular network; rather, it keeps a check on the device from the network cell where it started the journey to the end of the destination. So, basically, it observes the patterns in which the mobile device routes through the different networks and maintains a database of all the routes that the device takes. It checks the patterns and sees which routes are most commonly taken by the person who owns the mobile device and which are the most favorite routes of that person. It stores these patterns as the valid routes taken by the person. If the mobile device is stolen, the thief will take a completely different route, and this is detected by the IDS as an attack.[10] This scheme still has a lot of limitations: it is not able to detect any malware or attacks related to the data. It is not able to detect any attack if the person carrying the mobile device is walking; it only detects when the person is traveling in a vehicle.

An IDS made for detecting telephony based attacks checks the calling data of the user, both incoming and outgoing. It checks the date of each call, its start time and end time, and the number being called, in order to detect fraud, cloning of the SIM card, or theft of the mobile device. From this information, records are maintained which contain the patterns of most called numbers, calling duration and timings. A particular threshold is maintained up to which a deviation from such patterns is acceptable. But if the deviation is very abrupt and greater than the threshold, then it is an attack. There are many types of telephony based mobile IDS: those like Stormann and Notare are based on supervised learning, while those like Samfat and Molva are based on unsupervised learning. These are really good IDS because they generate very few false positives. But the major drawback is that they detect only telephony based attacks and provide no detection against any other type of network based attack. Also, they cannot detect malware or attacks related to the data. This IDS is generally operated by the network service provider, so there is no responsibility on the mobile device.[11]

Since the mobile device travels from one network to another, it is very much prone to migration based attacks. Migration mobility based IDS was designed to provide attack detection services when a device migrates from one cell to another. It is almost similar to the migration itinerary based mobile IDS. It also maintains a particular threshold; when a particular task crosses that threshold, it is an attack. Various mobility based IDS were developed which give the best performance, with almost 95 percent accuracy and 5 percent false positives. There is one such system mentioned in [12], which even keeps a check on the patterns of the user on working days and weekends along with accuracy. But again, the major drawback is that it only detects the attack when the user is traveling at a speed of at least 60 miles per hour. If the person is
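
The threshold check on call patterns described above for telephony based IDS, sketched as an added example (not code from the paper or from the Stormann, Notare, Samfat or Molva systems). The scoring weights, the 1.5 threshold and the call records are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import mean, pstdev


def call(start, minutes, number):
    """One call record: (start time, end time, number called)."""
    t0 = datetime.fromisoformat(start)
    return (t0, t0 + timedelta(minutes=minutes), number)


def build_profile(history, top_n=3):
    """Learn the user's most called numbers, call durations and calling hours."""
    durations = [(end - start).total_seconds() / 60 for start, end, _ in history]
    numbers = Counter(number for _, _, number in history)
    return {
        "numbers": {n for n, _ in numbers.most_common(top_n)},
        "dur_mean": mean(durations),
        "dur_std": pstdev(durations) or 1.0,  # guard against zero spread
        "hours": {start.hour for start, _, _ in history},
    }


def deviation(profile, record):
    """Score one call from 0.0 (matches the profile) to 3.0 (nothing matches)."""
    start, end, number = record
    minutes = (end - start).total_seconds() / 60
    z = abs(minutes - profile["dur_mean"]) / profile["dur_std"]
    score = min(z / 3.0, 1.0)  # duration: saturates at 3 standard deviations
    score += 0.0 if number in profile["numbers"] else 1.0  # unfamiliar number
    score += 0.0 if start.hour in profile["hours"] else 1.0  # unusual hour
    return score


def is_attack(profile, window, threshold=1.5):
    """Flag a window of calls whose mean deviation exceeds the threshold."""
    return mean(deviation(profile, r) for r in window) > threshold


# Constructed sample data: hypothetical numbers and times, not from the paper.
HISTORY = [call(f"2024-03-{d:02d}T{h:02d}:15", m, n) for d, h, m, n in [
    (4, 9, 4, "555-0101"), (4, 18, 6, "555-0102"), (5, 9, 5, "555-0101"),
    (5, 19, 7, "555-0103"), (6, 10, 3, "555-0102"), (6, 18, 5, "555-0101")]]
NORMAL = [call("2024-03-07T09:15", 5, "555-0101"),
          call("2024-03-07T18:15", 6, "555-0199")]
CLONED = [call("2024-03-08T02:15", 55, "555-0170"),
          call("2024-03-08T03:15", 48, "555-0171")]
PROFILE = build_profile(HISTORY)
print(is_attack(PROFILE, NORMAL), is_attack(PROFILE, CLONED))
```

A single call to an unfamiliar number stays under the threshold, which is how the tolerated deviation keeps false positives low; long night-time calls to unknown numbers exceed it on every feature.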
REFERENCES
[1] H.-J. Liao, C.-H. R. Lin, Y.-C. Lin, and K.-Y. Tung,
“Intrusion detection system: A comprehensive review,”
Journal of Network and Computer Applications, vol. 36,
no. 1, pp. 16–24, 2013.
[2] D. C. Nash, T. L. Martin, D. S. Ha, and M. S.
Hsiao, “Towards an intrusion detection system for
battery exhaustion attacks on mobile computing
devices,” in Pervasive Computing and Communications
Workshops, 2005. PerCom 2005 Workshops. Third IEEE
International Conference on. IEEE, 2005, pp. 141–145.
[3] D. Michalopoulos and N. Clarke, “Intrusion detection
system for mobile devices,” Advances in Networks,
Computing and Communications 4, p. 205.
[4] F. Li, N. Clarke, M. Papadaki, and P. Dowland,
“Behaviour profiling on mobile devices,” in Emerging
Security Technologies (EST), 2010 International
Conference on. IEEE, 2010, pp. 77–82.
[5] H. Wu, S. Schwab, and R. L. Peckham, “Signature based
network intrusion detection system and method,” Sep.
9, 2008, US Patent 7,424,744.
[6] P. Kannadiga, M. Zulkernine, and S. I. Ahamed,
“Towards an intrusion detection system for pervasive
computing environments,” in Information Technology:
Coding and Computing, 2005. ITCC 2005. International
Conference on, vol. 2. IEEE, 2005, pp. 277–282.